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(54) Automated tracking of certificate pedigree 

(57) A method of automatically tracking a certificate 
pedigree is provided, in which a new user is provided 
with a piece of hardware containing a predetermined 
pedigree certificate stored therein, the predetermined 
pedigree certificate having a level of trust bearing a re- 
lationship to a category of hardware of which the pro- 
vided piece of hardware is a member. An automated 
registration arrangement is provided which can be ac- 
cessed only by users having a piece of hardware con- 
taining a predetermined pedigree certificate having a 



specified level of trust stored therein. When the new us- 
er accesses the automated registration arrangement 
using the provided piece of hardware, the automated 
registration arrangement provides the new user with an 
individual signature certificate having a level of trust 
commensurate with that of the pedigree certificate. The 
automated registration arrangement flags the new us- 
er's individual signature certificate with the level of trust 
of the pedigree certificate in an appropriate storage ar- 
ea, including the certificate itself. 
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Description 

BACKGROUND OF THE INVENTION 
Field of the invention 

[0001 ] The present invention relates to digital certifi- 
cates in a PKI (Public Key Infrastructure). More partic- 
ularly, the present invention relates to the automated 
tracking of a certificate pedigree of digital certificates in 
a PKI to enable a determination as to the trustworthiness 
of a digital certificate. 

Description of the Related Art 

[0002] A PKI is a set of policies, procedures, and soft- 
ware that permit an organization to generate, issue, and 
manage public/private cryptographic keys in a manner 
that allows users to reliably determine the identity of the 
owner of each public/private key pair. The key compo- 
nents of a PKI include: (1) a mechanism for reliably con- 
veying the identity of a key pair's owner to the end user; 
(2) software applications for generating and managing 
key pairs that support this mechanism; (3) a set of pro- 
cedures for generating and revoking key pairs that en- 
sures that the identity of the owner can be reliably de- 
termined; and (4) a set of policies defining who may ob- 
tain public/private key pairs and identifying how each 
pair may be used. 

[0003] As to component (1) of a PKI, most PKIs es- 
tablish that the user owns a key pair by using an elec- 
tronic document called a digital certificate. Digital certif- 
icates contain information identifying the owner of the 
key pair, the public component of the pair, and the period 
of lime for which the certificate is valid. The digital cer- 
tificate also identifies technical information about the 
key itself, such as the algorithm used to generate the 
key and the key length. 

[0004] Certificates are generated by organizations 
that are responsible for verifying the identity of individ- 
uals, or in some instances, other organizations to which 
certificates are being issued. The identity of the certify- 
ing organization, referred to as a certificate authority, is 
recorded in each certificate, which is then signed using 
a private key known only to the certificate authority itself. 
This allows users to verify both the integrity of the cer- 
tificate and the identity of the authority that issued it. 
[0005] Certificate authorities generally employ any of 
a number of different commercially available software 
products to manage the creation, renewal, and revoca- 
tion of certificates. These Certificate Management Sys- 
tems (CMS) take information obtained through the user 
registration process, create a certificate, and sign it with 
the certificate authority's private key. The applicable 
CMS software maintains a database of all of the certifi- 
cates that it has issued, and their statuses. The CMS is 
also responsible for revoking certificates, and for pub- 
lishing a certificate revocation list that identifies the date 



on which each certificate was revoked, and the reason 
for the revocation. This information allows relying users 
(that is, those individuals or systems that are performing 
encryption or signature verification actions based on 
5 certificates) to review the status of a certificate, to as- 
sess its usability. A list of distribution points from which 
the CRL can be obtained are identified in the certificate 
itself. 

[0006] In issuing a certificate, a certificate authority is 

10 stating that is has verified that the public key that ap- 
pears in the certificate (and, by extension, the corre- 
sponding private key) belongs to the individual listed in 
the certificate. The integrity with which the registration 
process operates is therefore of great importance. The 

15 process must provide mechanisms for reliably identify- 
ing an individual and for verifying that the public key list- 
ed in the certificate belongs to that individual. Equally 
important, the certificate authority must provide proce- 
dures for revoking certificates in the event that the pri- 

20 vate key is compromised. A compromised private key 
calls into question the entire basis for trusting a certifi- 
cate, since more than one individual may be using that 
private key to sign documents, or more than one indi- 
vidual may be able to decrypt documents encrypted us- 

25 jng the corresponding public key. 

[0007] Relying individuals and organizations must 
have a clear understanding of their certificate authority's 
operation processes. As a result, most certificate au- 
thorities publish a Certificate Practice Statement (CPS) 

30 that details the processes for registering users, issuing 
certificates, renewing certificates and revoking certifi- 
cates. The CPS is normally published on the certificate 
authority's website. 

[0008] Certificates often contain additional informa- 

-35 tion that identifies an individual as a member of a par- 
ticular organization and perhaps the role that they play 
in the organization. For example, the certificate may 
identifying the certificate holder as being either an em- 
ployee of a company or a customer or subcontractor or 

40 supplier of the company The policies determining who 
is eligible to hold a certificate are therefore important if 
individuals and organizations are to rely upon this infor- 
mation. These policies govern the overall operation of 
the certificate authority. 

45 [0009] The policies u nder which users register for cer- 
tificates determine the initial degree of trust that a relying 
party should place in a certificate. However, the manner 
in which the public key associated with the certificate is 
protected is equally as important. Private keys may be 

50 stored in any of several different ways. They may be 
placed on password protected public storage media, 
such as directories or databases. They may also be 
stored on password protected media accessible only to 
the certificate holder or to a relatively small number of 

55 persons, such as a floppy disk, the hard drive of the cer- 
tificate holder's personal computer, or a portable stor- 
age device such as a smart card. A more secure storage 
medium is provided by hardware tokens containing en- 
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cryption "engines." These hardware tokens actually 
generate and store the private key and perform all en- 
cryption/decryption functions within the token. Hard- 
ware tokens typically require a password to activate 
and, since they remain in the position of the certificate 
holder at all times, are substantially more secure than 
other storage media. 

[0010] In a manual registration process, a human reg- 
istration agent may ascertain the nature, or "pedigree ," 
of the storage media on which the certificate and its cor- 
responding private key are stored. When the process of 
issuing a digital certificate is automated, there is no way 
of keeping track of the "pedigree" of the certificate which 
was generated. That is, was the certificate originally 
generated on a client PC or on a smart card or on a hard- 
ware token? The different categories of hardware com- 
puting devices are all capable of generating digital cer- 
tificates which, from a software standard, are identical 
in format and content. 

[001 1 ] The pedigree of the digital certificate can have 
a significant bearing on the business functions to which 
that certificate is applied. That is, a certificate generated 
on a client PC will typically be less trustworthy than a 
certificate generated on a hardware token in that hard- 
ware tokens are typically more difficult for hackers to 
compromise than conventional PCs and hence certifi- 
cates generated by such tokens have a higher level of 
trust. Accordingly, unless the PKI can keep track of the 
pedigree of the certificate, one may not know what level 
of trust to place on business functions associated with 
that certificate. 

[001 2] Unfortunately, earlier PKI registration process- 
es provide no automated mechanism for tracking the 
pedigree of a certificate, that is : they provide no mech- 
anism for keeping track of what kind of hardware was 
used to generate the private/public key pair. In cases 
where pedigree checking has been required, the track- 
ing was performed manually. Manual tracking is expen- 
sive and time-consuming. 

SUMMARY OF THE INVENTION 



automated registration arrangement, such as special 
Registration Web pages on the Internet, can be ac- 
cessed only via the associated pedigree certificate, one 
Web page for each pedigree certificate, for example. Ac- 

5 cordingly if a user accesses one of the special Regis- 
tration Web pages . the user must be employing the spe- 
cial hardware of the corresponding category since only 
that category of hardware possesses the requisite ped- 
igree certificate and associated private key. Thus, the 

10 user can be issued a digital certificate having a level of 
trust commensurate with the pedigree certificate of the 
special hardware of the user. 
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BRIEF DESCRIPTION OF THE DRAWINGS 



[0016] The foregoing and a better understanding of 
the present invention will become apparent from the fol- 
lowing detailed description of example embodiments 
and the claims when read in connection with the accom- 

20 panying drawings, all forming a part of the disclosure of 
this invention. While the foregoing and following written 
and illustrated disclosure focuses on disclosing exam- 
ple embodiments of the invention, it should be clearly 
understood that the same is by way of illustration and 

25 example only and the invention is not limited thereto. 
The spirit and scope of the present invention are limited 
only by the terms of the appended claims. 
[00171 T h e following represents brief descriptions of 
the drawings, wherein: 

30 

Figure 1 is a block diagram illustrating an exemplary 
architecture of a network in which the PKI process- 
es of the present invention may be practiced. 
Figure 2 is a partial block diagram illustrating the 
35 steps performed by a manual technique for gener- 
ating a signature certificate with pedigree tracking. 
Figure 3 is a block diagram illustrating the steps per- 
formed in accordance with an embodiment of the 
technique of the present invention. 

40 

DETAILED DESCRIPTION 



[0013] In accordance with the present invention, a 
new category of certificate, called a "pedigree certifi- 
cate" is created. A single pedigree certificate may be 
shared in common among all elements of a given cate- 
gory of hardware. For example, all smart cards having 
identical security properties will be loaded with a com- 
mon pedigree certificate and its associated private key. 
This pedigree certificate will be loaded only onto these 
smart cards, and will be used for no other purpose. 
[001 4] In accordance with the present invention, spe- 
cific categories of hardware, such as smart cards or 
USB (Universal Serial Bus) tokens, are pre-loaded with 
a pedigree certificate and associated private key desig- 
nating the hardware type, one pedigree certificate being 
designed for each category of hardware. 
[0015] In accordance with the present invention, an 



[0018] Before beginning a detailed description of the 
subject invention, mention of the following is in order. 

45 When appropriate, like reference numerals and charac- 
ters may be used to designate identical, corresponding, 
or similar components in differing drawing figures. Fur- 
thermore, in the detailed description to follow, example 
sizes/models/values/ranges may be given, although the 

so present invention is not limited thereto. Lastly, well- 
known components and connections have not been 
shown within the drawing figures for simplicity of illus- 
tration and discussion and so as not to obscure the in- 
vention. 

55 [0019] Fig. 1 illustrates an exemplary architecture of 
a network 100 in which the Public Key Infrastructure (P. 
K.I) processes of the present invention may be prac- 
ticed. However, it should be understood that the present 
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invention is not limited to the network 1 00 of FIG. 1 . The 
network 100 includes data entry 102, which performs a 
data entry function for authoritative database 1 04 , which 
is resident on the server platform 1 06. A server platform 
106 is referred to in this description, but it should be un- 
derstood that the present invention is not limited to any 
particular server architecture. The server platform 1 06 
may be, without limitation, a UNIX or Windows NT serv- 
er. The authoritative database 104 contains information 
about members of the group or enterprise for which PKI 
services in accordance with the present invention are 
performed. The present invention is not limited by the 
structure of the group enterprise for which information 
is stored in the authoritative database 104. The author- 
itative database 104 information includes, without limi- 
tation, the name, address, telephone numbers, manag- 
er's name : employee identification, etc., of the members 
of the group or enterprise. Directory 108 has the struc- 
ture of the database but is optimized for fast look-up of 
information stored therein rather than fast data entry. 
The data in the directory 108 is not changed frequently 
but is required to be accessed rapidly and functions on- 
line as a fast phone book, containing reference informa- 
tion about the members of the group or enterprise stored 
in the authoritative database 104. Certificate authority 
110 is off-the-shelf software executed on server platform 
106, providing storage of certificates and related infor- 
mation used by the present invention as described in 
more detail hereinafter. Registration authority 112 is al- 
so off-the-shelf software executable on server platform 
106 regarding registration performed by the present in- 
vention as described in more detail hereinafter. Key au- 
thority 114 is also off-the-shelf server software which is 
executable on server platform 106 for recovering keys 
from members of the group or enterprise as described 
in more detail hereinafter. Windows 2000 Domain CA 
116 may use certificates provided by the present inven- 
tion for a single sign-on to the network 100 of FIG. 1. 
Legacy server 118 executes legacy application pro- 
grams 120. The legacy server may be, without limitation, 
a main frame; mini-computer, workstation, or other serv- 
er hosting legacy software applications that are de- 
signed to be run on PKI processes in accordance with 
the present invention. The legacy applications 1 20 are 
accessible on the client side by a custom client 1 28 such 
as an emulator or custom database Graphic User Inter- 
face (GUI). Examples of emulators are terminal emula- 
tors of an IBM 3270 or terminal emulators of a vt 100. 
Registration web page 122, which may be one or more 
pages, functions as the user interface to the network 1 00 
of Fig. 1 . Web server 1 24 is a software application which 
serves Web Pages, such as Web Page 122 or other 
HTML outputs, to a web browser client which may be, 
without limitation, Apache or a Microsoft Internet Infor- 
mation Server. Web browser 126 is resident on client 
platform 128 which may be any user computer. Web 
browser 1 26 is a client software application for browsing 
web pages such as but not limited to HTML or XML pro- 



tocols or other protocols. The Web browser 126 is pro- 
grammed to operate with PKI certificates issued by the 
certificate authority 110. Examples of web browsers 
which have this capability are Netscape Navigator and 

5 the Microsoft Internet Explorer. The token 1 30 is a smart 
card, USB (United Serial Bus), or other hardware token 
capable of generating, storing, and using PKI certifi- 
cates. A user 132 is a person using the network 100. A 
user 132 transitions through a number of states which 

10 include a new user, current user, and a former user who 
no longer is a member of the group or enterprise. The 
network 100 is described with reference to two levels of 
security, but the number of the levels of security is not 
a limitation of the present invention, with each level cor- 

15 responding to a different security requirement. The level 

1 search engine 134 is a search engine which is permit- 
ted to search through the network 100 but is allowed 
access to only level 1 data, which is the lowest level of 
security and may be : without limitation, data which is 

20 freely distributable. Level 2 data may be considered to 
be proprietary. Level 2 search engine 136 is a search 
engine which is allowed to search through both level 1 
and level 2 data. A level N search engine (not illustrated) 
is a search engine which is allowed to search through 

25 servers possessing data levels 1 through N. A secured 
level server with level 1 data 138 is a Web server con- 
taining only level 1 data, which is secured so that users 
must have level 1 access (at least) to access the server. 
A secured Web server with level 2 data 140 is a Web 

30 server that contains level 2 data which has been se- 
cured so that users must have level 2 access, with level 

2 users having access to both level 1 and level 2 servers. 
A secured Web server with level N data (not illustrated) 
is a Web server that contains level N data which is ac- 

35 cessible by a user with level N or above access. VPN 
Extranet 1 42 is a software application which functions 
as a network gateway which, as illustrated, may be ei- 
ther to legacy server 118 and legacy application 120 or 
to an external network such as the Internet. Personal 

40 revocation authority 144 is a person who is in charge of 
revocation of members from the network 100. Personal 
registration authority 146 is a person who is in charge 
of registration of members in the network 100. Personal 
recovery approval 1 48 is a person in charge of obtaining 

45 recovery of certificates. A Recovery Agent 1 50 is a per- 
son who performs recovery of certificates and may only 
recover a certificate if the certificate has first been des- 
ignated as recoverable by another person. Personal role 
approval 152 is a person who approves different role 

50 functions within the network 100. A Web server admin- 
istrator is in charge of various web functions in the net- 
work 100. 

[0020] Figure 2 illustrates a partial block diagram of a 
network bearing some features in common with that of 
55 the network 1 00 of Figure 1 . Figure 2 has been provided 
to enable the discussion of a manual technique for gen- 
erating a signature certificate. Elements in Figure 2 
which correspond to those of Figure 1 have been la- 
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beled with the same designation numbers. Note that the 
level 1 and level 2 search engines 134 and 136 of Figure 
1 have been replaced by the single search engine 270 
and the secured Web servers 138 and 140 of Figure 1 
have been replaced by the single secured Web server 
280. 

[0021] In step 1 of Figure 2, the user 132 physically 
presents a photo ID to the Local Registration Authority 
Officer (LRAO) 230. In step 2, the LRAO 230 then uses 
software contained in the local registration authority 250 
to signal the registration authority 1 1 2 to register the new 
user 1 32. In step 3, a public/private key pair is generated 
by either the local registration authority 250 software or 
the registration authority 112 software, depending on 
the products chosen and depending on how they've 
been configured. The public key is sent to the certificate 
authority 110 to be signed, thereby generating a "certif- 
icate". In step 4, a backup copy of the private key may 
also optionally be sent to the key recovery authority 114. 
In step 5, the user's certificate is fowarded to the local 
registration authority 250. In step 6, the LRAO 230 cop- 
ies the certificate (including the private key) onto a flop- 
py disk or hardware token 1 30 or other storage medium 
and then physically hands the stored certificate and pri- 
vate key to the user 1 32. The LRAO 230 must manually 
mark the database or log with the pedigree of the certif- 
icate. 

[0022] Figure 3 illustrates the block diagram of Figure 

1 , showing the steps for obtaining a signature certificate 
with the automated tracking of the certificate pedigree 
in accordance with an embodiment of the present inven- 
tion. 

[0023] In step 0a of Figure 3, a hardware token 130 
Is provided. This token will be used to generate private/ 
public key pairs and is pre-loaded with a role certificate 
and associated private key prior to being provided to the 
user 132. In step 1 of Figure 3, data regarding the new 
user 132 is entered into the authoritative database 104. 
The authoritative database 104 contains information 
about the members of the enterprise including data nec- 
essary to send registration materials to new users. This 
information may include the home or work addresses, 
e-mail addresses, telephone or fax numbers, etc. In step 

2, the data stored in the authoritative database 104 is 
periodically frequently replicated to the system directory 
108. In step 3, the new user 132 attempts to access one 
of the enterprise Web servers 1 38 or 1 40. Since the new 
user 132 does not have a signature, the new user 132 
does not present a signature to the Web server 140 and 
accordingly, the Web server 140, in step 5, redirects the 
new user 132 to the special registration Web page 350. 
At that point, the new user 1 32 identifies itself to the spe- 
cial registration Web page 350. In step 6, the special 
registration Web page 350 queries the directory 108 to 
obtain information about the new user 132. In step 7, 
the directory 1 08 provides information about the new us- 
er to the special registration Web page 350. 

[0024] In step 8 of Figure 3, the special registration 



Web page 350 sends the new user 1 32 a piece of infor- 
mation required to generate a new signature. A different 
piece of information is sent to the personal registration 
authority 1 46. Typically the information will take the form 

5 of a PIN or password. 

[0025] In step 9, the personal registration authority 
146 delivers registration information to the new user 132 
in a face-to-face meeting. In step 10a, the new user 132 
revisits the special registration Web page 350 and can 

to forward the requisite registration information. The spe- 
cial registration of the Web page 350 can only be ac- 
cessed by using a hardware token 130 that has been 
pre-loaded with the requisite role certificate and associ- 
ated private key (from step 0a). In step 11a, the regis- 

15 tration Web server 1 24 signals the registration authority 
112 to register the new user 132 possessing the hard- 
ware token 130 and in step 1 2a, the registration author- 
ity 112 signals the client platform 128 to generate a pri- 
vate/public key pair on the hardware token 130. Before 

20 the public key is sent to the certificate authority, the to- 
ken can sign the certificate request before the certificate 
leaves the token, using the private key. This allows the 
certification authority to know that the pedigree is valid 
for the highest level of assurance in the reliability of the 

25 key storage mechanism. In step 13 ? the public key is 
sent from the client platform 128 to the certificate au- 
thority 110, which records the certificate pedigree as a 
certificate policy object identifier (01 D) in the certificate 
itself. Before signing the certificate, the certification au- 

30 thority validates that the certificate request was signed 
by the token itself. This makes any Trojan horse attack 
impossible because only a valid token, with the valid pri- 
vate key for a specific pedigree could have signed the 
request. In step 14, the certificate authority 110 sends 

35 the signed certificate (with public key) to the directory 
1 08. In step 1 5a, the registration Web server 124 alerts 
the directory 108 that this certificate was generated on 
the hardware token 1 30. The Web server 1 24 knows this 
because of the fact that only a user 130 having a hard- 

40 ware token 1 30 would have been able to access the spe- 
cial version of the registration Web page 350. 
[0026] Thus, if there are one or more categories of 
computing devices which are able to generate digital 
certificates and if one wishes to track which certificates 

45 in an enterprise were generated by a given category of 
devices, then in accordance with the present invention, 
a role certificate is assigned to each category of device 
for certificates which are to be tracked and these role 
certificates are pre-loaded in those devices. An auto- 

so mated registration process is provided which allows ac- 
cess only by individuals possessing that role certificate. 
The process is configured so that individual certificates 
can be generated and so that it can record those in- 
stances in which a given individual certificate was gen- 

55 erated using this process. The recording can occur in- 
side a database, a directory, or any other persistent data 
storage area, and is also labeled as a certificate policy 
OID in the certificate itself. 
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[0027] As a concrete example, assume that Alice 
Jones wishes to use an automated PKI registration 
process to generate her signature certificate. Alice ob- 
tains a hardware token from her employer that has been 
factory pre-loaded with a role certificate called "Level 3 5 
Trust". Alice uses the hardware token to access the au- 
tomated PKI registration process. If Alice were not able 
to present the "Level 3 Trust" certificate to the PKI reg- 
istration process, the registration process would deny 
her attempt to generate an individual signature certifi- 10 
cate. However, since Alice does have the requisite "Lev- 
el 3 Trust" role certificate, the PKI registration process 
consents to her request and more importantly, the PKI 
registration process knows that Alice must have used a 
hardware token to access the process. Accordingly, the *5 
PKI registration process can flag Alice's individual cer- 
tificate as being a "Level 3" certificate in associated da- 
tabases and directories. In other words, the pedigree of 
Alice's certificate has been successfully tracked auto- 
matically without requiring special intervention from an- 20 
other person. Furthermore, each certificate request 
must be specifically signed by the private key associat- 
ed with the trust level of the certificate. This approach 
moves the "trust boundary" from the uncontrolled user 
computer to the controlled token itself. 25 
[0028] An advantage of the present invention is that 
allows existing commercial products and network stand- 
ards to accomplish a new kind of functionality, that is, 
the automated tracking of the pedigree of an individual 
certificate. As a consequence thereof, PKI systems that 30 
are highly automated can now enjoy a feature that was 
previously only available with manually intensive PKI 
systems. Thus, the use of this invention yields a signif- 
icant cost saving when applied to both existing and fu- 
ture PKI system architectures. 35 
[0029] This concludes the description of the example 
embodiments. Although the present invention has been 
described with reference to illustrative embodiments 
thereof, it should be understood that numerous other 
modifications and embodiments can be devised by *o 
those skilled in the art that will fall within the spirit and 
scope of the principles of this invention. More particu- 
larly, reasonable variations and modifications are pos- 
sible in the component parts and/or arrangements of the 
subject combination arrangement within the scope of 45 
the foregoing disclosure, the drawings, and the append- 
ed claims without departing from the spirit of the inven- 
tion. In addition to variations and modifications in the 
component parts and/or arrangements, alternative uses 
will also be apparent to those skilled in the art. so 

Claims 

1 . A method of automatically tracking a certificate ped- 55 
igree comprising: 

providing a new user with a piece of hardware 



containing a predetermined pedigree certificate 
stored therein, the predetermined pedigree cer- 
tificate having a level of trust bearing a relation- 
ship to a category of hardware which the pro- 
vided piece of hardware is a member of , and 
providing an automated registration arrange- 
ment which can only be accessed by users hav- 
ing a piece of hardware containing a predeter- 
mined pedigree certificate having a specified 
level of trust stored therein; 

wherein, upon the new user accessing the au- 
tomated registration arrangement using the provid- 
ed piece of hardware, the automated registration ar- 
rangement provides the new user with an individual 
signature certificate having a level of trust commen- 
surate with that of the pedigree certificate and 
wherein the automated registration arrangement 
flags the new user's individual signature certificate 
with the level of trust of the pedigree certificate in 
an appropriate storage area. 

2. The method of claim 1 , further comprising providing 
the user with at least two pieces of information, 
wherein, upon the new user accessing the automat- 
ed registration arrangement, the automated regis- 
tration arrangement requires the user to provide the 
at least two pieces of information prior to providing 
the individual signature certificate to the user. 

3. The method of claim 2, wherein one of the at least 
two pieces of information is provided to the user by 
the automated registration arrangement in re- 
sponse to the user providing an additional piece of 
information to the automated registration arrange- 
ment. 

4. The method of claim 2, wherein one of the at least 
two pieces of information is provided to the user by 
a personal registration authority. 

5. The method of claim 2, wherein each of the at least 
two pieces of information comprises one of either a 
PIN (Personal Identity Number) or a password. 

6. The method of claim 4, wherein each of the at least 
two pieces of information comprises one of either a 
PIN (Personal Identity Number) or a password. 

7. The method of claim 1 , wherein the automated reg- 
istration arrangement comprises a special registra- 
tion Web page. 

8. An apparatus for automatically tracking a certif icate 
pedigree comprising: 

a piece of hardware containing a predeter- 
mined pedigree certificate stored therein, the 
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predetermined pedigree certificate having a 
level of trust bearing a relationship to a catego- 
ry of hardware which the provided piece of 
hardware is a member of; and 
an automated registration arrangement which 
can only be accessed by users having a piece 
of hardware containing a predetermined pedi- 
gree certificate having a specified level of trust 
stored therein; 
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wherein, upon a new user accessing the au- 
tomated registration arrangement using the piece 
of hardware, the automated registration arrange- 
ment provides the new user with an individual sig- 
nature certificate having a level of trust commensu- ' s 
rate with that of the pedigree certificate and wherein 
the automated registration arrangement flags the 
new* user's individual signature certificate with the 
level of trust of the pedigree certificate in an appro- 
priate storage area. 20 

9. The apparatus of claim 8, furthercomprising at least 
two pieces of information, wherein, upon the new 
user accessing the automated registration arrange- 
ment, the automated registration arrangement re- 25 
quires the user to provide the at least two pieces of 
information prior to providing the individual signa- 
ture certificate to the user. 

10. The apparatus of claim 9, wherein one of the at least 30 
two pieces of information is provided to the user by 
the automated registration arrangement in re- 
sponse to the user providing an additional piece of 
information to the automated registration arrange- 
ment. 35 

1 1 . The apparatus of claim 8, wherein one of the at least 
two pieces of information is provided to the user by 
a personal registration authority. 

40 

1 2. The apparatus of claim 9, wherein one of the at least 
two pieces of information is provided to the user by 
a personal registration authority. 

13. The apparatus of claim 8, wherein each of the at 4$ 
least two pieces of information comprises one of ei- 
ther a PIN (Personal Identity Number) or a pass- 
word. 

14. The apparatus of claim 8, wherein the automated so 
registration arrangement comprises a special reg- 
istration Web page. 
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